I would even say that even "just html" is enough for most website/app. We've been using "just html" at my company ( rosaly.com) for 5 years, we've raised 10 million, have hundreds of customer, and nobody ever complained. And the Android/Ios applications are 234 lines of React-Native which is just embedding a webview , a bit of error screen when there's no internet connection , and intercom library for notification.

for CI you can already use postgresql with "eat-my-data" library ? I don't know if there's more official image , but in my company we're using https://github.com/allan-simon/postgres-eatmydata

You can just set fsync=off if you don't want to flush to disk and are ok with corruption in case of a OS/hw level crash.

Huh, i always just mounted the data directory as tmpfs/ramdisk. Worked nicely too

3 month I was annoyed by the "let me translate the page for you" and last week in vacation I was browsing some local website, and I was more than happy to have firefox being able to translate the website dynamically, the result was okay-ish , but okay enough that I was able to proceed. And I'm more than happy that it didn't left my mobile device.

I was wondering how easy it is

I.e I know that hdmi stream can be encrypted so I guess for Netflix you can't juste have a "hdmi splitter"? Do you need to go as far as plugging yourself just before the lcd pixels ? And if so , is it the moment where its easier to have a high def camera pointed at your lcd screen with post processing?

Everything has risks, every time you go out of for a run you can injure yourself, fall badly on the head and die. Nearly all Life decision are about risk/benefits

In this specific case , it is a svg, so you can ask to translate the svg source.

For regulatory requirements: yes !

I currently for EIDAS certificates, I can only choose a vouched certificate provider, and it's mostly somes that requires me to in person with my ID card with someone verifying the guy who made the CSR is actually me.

The certificate is used for double SSL to authentify the server doing the request , i.e that the server doing an API call to the bank server is one I own. (I find it a pretty neat solution and much better than requiring to make a theater dance to get a token to renew every 3600 seconds )

Well, its eidas, ofc you need to show the id

I know, it was to give example of why not every certificate can be "let's encrypt" and why some people still pay for certificate in 2025.

I think it's all about change management

a whole month put you in the "if you don't have the resource to automate it, it's still doable by a human, not enough to crush somebody, but still enough to make the option , let's automate fully something to consider"

hence why it's better than a week or a day (it's too much pressure for small companies) better than hours/minutes/secondes (it means you go from 1 year to 'now it must be fully automated right now ! )

a year or two years was not a good idea, because you loose knowledge, it creates pressure (oh my.... not the scary yearly certificate renewal, i remember last year we broke something, we i don't remember what...)

A month, you either start to fully document it, or at least to have it fresh in your mind. A month give you time to everytime think "ok, we have 30 certicates, can't we have a wild card, or a certificate with several domain in it?"

> Perhaps it's time to go with another method entirely.

I think that's the way forward, it's just that it will not happen in one step, and going to one month is a first step.

source: We have to manage a lot of certificate for a lot of different use cases (ssh, mutual ssl for authentification, classical HTTPS certificate etc. ) and we learned the hard way that no 2 years is not better than 1 , and I agree that one month would be better

also https://www.digicert.com/blog/tls-certificate-lifetimes-will...

I think the less conservative stakeholders here would honestly rather do the six-day thing. They don't view the "still doable by a human" thing as a feature; they'd rather everyone think of certificate management as something that has to be fully automated, much like how humans don't manually respond to HTTP requests. Of course, the idea is not to make every tiny organization come up with a bespoke automation solution; rather, it's to make everyone who writes web server software designed to be exposed to the public internet think of certificate management as included within the scope of problems that are their responsibility to solve, through ACME integration or similar. There isn't any reason in principle why this wouldn't work, and I don't think there'd have been a lot of objections if it had worked this way from the beginning; resistance is coming primarily from stakeholders who don't ever want to change anything as they view it as a pure cost.

(Why not less than six days? Because I think at that point you might start to face some availability tradeoffs even if everything is always fully automated.)

> it creates pressure (oh my.... not the scary yearly certificate renewal, i remember last year we broke something, we i don't remember what...)

Ah yes, let's make a terrible workflow to externally force companies who can't be arsed to document their processes to do things properly, at the expense of everyone else.

But it's a decent trade-off and you're using sarcasm in place of fleshing out your claim.

Monthly expiration is a simple way to force you to automate something. Everyone benefits from automating it, too.

I'm very honestly wondering if they become violent, because using socratic method has closed the other road.

I mean if you've just proven that my words and logic are actually unsound and incoherent how can I use that very logic with you? If you add to this that most people want to win an argument (when facing opposite point of view) then what's left to win but violence ?

Isn't this ultimately what happened to Socrates himself?

(I don't think enough people take the lesson from this of "it doesn't matter if you're right if you're also really obnoxious about it")

I’m pretty sure Socrates wasn’t even being obnoxious about it.

The lesson I took was, he would rather be dead right, than a live liar.

We all end up making that choice at some point, if we recognize it or not.

One lesson I learned is that you, more often than not, cannot convince a person to change their opinion by arguing with them.

Violence is the last refuge of the incompetent. -- Asimov

Never underestimate the effectiveness of violence.

- every successful general and politician ever

... you can change your judgement/thoughts and be on the correct side.

it was not about what I could do, but explaining why people may resort to violence.

And to be very honest even the one using the socratic method may not be of pure intention.

In both cases I ve rarely (not never) met someone who admitted right away to be wrong as the conclusion of a argument.

Have you met people?

A lot of companies I know have "kindness/empathy" in their value or even promote it as part of the company philosophy to the point it has already become a cliché (and so new companies explicitly avoid to put it explicitly)

I can say also a lot of DEI trainings were about being empathic to the minorities.

Well yes, but that's not actually empathy. Empathy has to be felt by an actual person. Indeed its literally the contrary/opposite case. They have to emphasise it specifically because they are reacting to the observation that they, as a giant congregate artificial profit-seeking legally-defined entity as opposed to a real one, are incapable of feeling such.

Do you also think that family values are ever present at startups that say we're like a family? It's specifically a psychological and social conditioning response to try to compensate for the things they're recognised as lacking...

Yes hence why it's an example of

>its institutionalization has become pathological.

But the problem there isn't empathy as a value, the problem is that is comes across as very clearly fake in most cases

Wait, hold on.

1) the word is “empathetic,” not “empathic.” 2) are you saying that people should not be empathetic to minorities?

Do you know why that is what’s taught in DEI trainings? I’m serious: do you have even the first clue or historical context for why people are painstakingly taught to show empathy to minorities in DEI trainings?

You know I can explain why a murderer has killed someone in her twisted system of value without myself adhering to said system

Also don't be so harsh on interpreting what I'm saying.

I'm saying that it's not the job of a company to "train" about moral value, while bring itself amoral by definition. Why are you interpreting that as me saying "nobody should teach moral value"

Also I don't see why as a French working in France, a French company should "train" me with a DEI focused on US history (US minorities are not French one) just because the main investors are US-based

> A lot of companies I know have "kindness/empathy" in their value or even promote it as part of the company philosophy to the point it has already become a cliché (and so new companies explicitly avoid to put it explicitly)

That’s purely performative, though. As sincere as the net zero goals from last year that were dropped as soon as Trump provided some cover. It is not empathy, it is a façade.

I think that's what he means when he says

> its institutionalization has become pathological.

Empathy isn't strong for people you don't know personally and near nonexistent for people you don't even know exist. That's why we are just fine with buying products made my near slave labor to save a bit of money. It's also why those cringe DEI trainings can never rise above the level of performative empathy. Empathy just isn't capable of generating enough cohesion in large organizations and you need to use the more rational and transactional tool of incentive alignment of self interest to corporate goals. But most people have trouble accepting that sort of lever of control on an emotional level because purely transactional relationships feel cold and unnatural. That's why you get cringe attempts to inject empathy into the corporate world where it clearly doesn't belong.

Oh lord, not you too.

Do you have any knowledge of history and why there would be mandatory DEI trainings teaching people how to show empathy towards minorities?

Please, come on. Tell me this isn’t the level of quality in humanity we have today.